Skip to content

Commit 1e0031c

Browse files
jl-pmjl-pm
authored
Update quick-create-portal.md
1 parent f081164 commit 1e0031c

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/confidential-computing/quick-create-portal.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@ For more information about connecting to Linux VMs, see [Create a Linux VM on Az
124124
## Install Azure DCAP Client
125125

126126
> [!NOTE]
127-
> [Trusted Hardware Identity Management (THIM)](https://learn.microsoft.com/en-us/azure/security/fundamentals/trusted-hardware-identity-management) is a free Azure service that helps you manage the hardware identities of different Trusted Execution Environments (TEEs). It fetches collateral from Intel Provisioning Certification Service (PCS) and caches it. The service enforces a minimum Trusted Compute Base (TCB) level as Azure security baseline, for attestation purposes. For DCsv3 and DCdsv3-series Azure VMs, the Intel certificates can only be fetched from THIM, as it is not possible to make direct calls to Intel service from the VMs.
127+
> [Trusted Hardware Identity Management (THIM)](https://learn.microsoft.com/azure/security/fundamentals/trusted-hardware-identity-management) is a free Azure service that helps you manage the hardware identities of different Trusted Execution Environments (TEEs). It fetches collateral from Intel Provisioning Certification Service (PCS) and caches it. The service enforces a minimum Trusted Compute Base (TCB) level as Azure security baseline, for attestation purposes. For DCsv3 and DCdsv3-series Azure VMs, the Intel certificates can only be fetched from THIM, as it is not possible to make direct calls to Intel service from the VMs.
128128
129129
With the release of the Intel® Xeon Scalable Processors, remote attestation support is changing. DCsv3 and DCdsv3 only support [ECDSA-based Attestation](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html) and the users are required to install [Azure DCAP](https://github.com/Microsoft/Azure-DCAP-Client) client to interact with THIM and fetch TEE collateral for quote generation during attestation process. DCsv2 continues to support [EPID-based Attestation](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html).
130130

0 commit comments

Comments
 (0)